
Photo by Barnabas Piper on Unsplash
Enforce secure workstation configurations
Baseline
When an organization has no overarching configuration or security policy, with no senior administrator overseeing systems management, you often find yourself constantly reacting to problems and reapplying the same fix over and over, such as manually renaming hosts, re-installing missing packages, creating custom partition tables, and handling different models of full disk encryption (or sometimes none at all). The accumulation of these minor deviations creates a quiet chaos, unnoticed by senior management until it becomes critical.
The worst-case scenario occurs when a remote attacker infiltrates the local network. A vulnerability on a public-facing Windows server can allow an attacker to gain initial access, and with the use of harvested credentials and remote administration tools, they can move laterally across the network, eventually compromising workstations and sending malicious email. Inconsistent auditing and a lack of a common secure baseline will allow an attacker to continue their activities throughout an enterprise, leading to a temporary halt in production and reformatting of all networked assets.
The key takeaway is not a specific exploit, but rather configuration drift and the insufficient time allocated for proper orchestration. With a declarative configuration model in place, you can enforce consistency, detect drift, and notice when core system features are changed on specific hosts.
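As an added illustration (not code from the article or from any particular configuration management tool), the following sketch shows what drift detection against a declared baseline amounts to: the desired state is data, and each host's reported facts are compared against it. The baseline values, asset names, and host facts are all constructed for the example.

```python
import re

# Declared baseline (constructed): describes the desired state, not the steps to reach it.
BASELINE = {
    "hostname_pattern": r"ws-[a-z]{3}-\d{3}",
    "required_packages": {"auditd", "cryptsetup", "openssh-server"},
    "disk_encryption": "luks2",
    "partitions": {"/": "ext4", "/home": "ext4", "/var/log": "ext4"},
}

# Observed facts per asset (constructed sample, as an inventory agent might report them).
OBSERVED = {
    "asset-001": {"hostname": "ws-lab-001", "disk_encryption": "luks2",
                  "packages": ["auditd", "cryptsetup", "openssh-server", "vim"],
                  "partitions": {"/": "ext4", "/home": "ext4", "/var/log": "ext4"}},
    "asset-002": {"hostname": "DESKTOP-7F3K", "disk_encryption": None,
                  "packages": ["openssh-server"],
                  "partitions": {"/": "ext4"}},
    "asset-003": {"hostname": "ws-lab-014", "disk_encryption": "luks1",
                  "packages": ["auditd", "cryptsetup", "openssh-server"],
                  "partitions": {"/": "ext4", "/home": "xfs", "/var/log": "ext4"}},
}

def detect_drift(baseline, facts):
    """Return a list of human-readable deviations of one host from the baseline."""
    findings = []
    name = facts.get("hostname", "")
    if not re.fullmatch(baseline["hostname_pattern"], name):
        findings.append(f"hostname: {name!r} does not match naming policy")
    missing = baseline["required_packages"] - set(facts.get("packages", ()))
    if missing:
        findings.append("packages: missing " + ", ".join(sorted(missing)))
    enc = facts.get("disk_encryption")  # None means no full disk encryption at all
    if enc != baseline["disk_encryption"]:
        findings.append(f"disk_encryption: expected {baseline['disk_encryption']}, "
                        f"found {enc or 'none'}")
    mounts = facts.get("partitions", {})
    for mount, fs in sorted(baseline["partitions"].items()):
        if mounts.get(mount) != fs:
            findings.append(f"partition {mount}: expected {fs}, "
                            f"found {mounts.get(mount) or 'absent'}")
    return findings

def audit(baseline, fleet):
    """Map each drifted asset to its findings; compliant assets are omitted."""
    report = {a: detect_drift(baseline, f) for a, f in sorted(fleet.items())}
    return {a: d for a, d in report.items() if d}

if __name__ == "__main__":
    for asset, findings in audit(BASELINE, OBSERVED).items():
        print(asset, *findings, sep="\n  - ")
```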
Building System Configuration Management
The difference between a lab on the brink and a resilient enterprise often lies in one word: automation. Administrators must be able to rebuild workstations to minimize downtime. Automated installations and imperative configuration scripts, which define step-by-step instructions to reach a desired system state, have long been effective for system setup. However, they often require physical access, are more
...
